package com.yuwenchao.superafflatus.config;

import com.yuwenchao.superafflatus.service.impl.LoginUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

import javax.annotation.Resource;
import javax.sql.DataSource;

/**
 * @author chaooGG
 * @version 1.0
 * @date 2021/7/23 10:41
 */
@Configuration
@EnableGlobalMethodSecurity(securedEnabled=true,prePostEnabled=true)  //开启注解  全局细粒度
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    LoginUserDetailsService loginUserDetailsService;


    // 注入 PasswordEncoder 类到 spring 容器中
    /*@Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }*/


    @Bean
    public BCryptPasswordEncoder encoding(){
        return new BCryptPasswordEncoder();
    }


    //@Autowired
    @Resource
    private DataSource dataSource;

    @Bean
    public PersistentTokenRepository persistentTokenRepository(){
        JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
        tokenRepository.setDataSource(dataSource);
        //tokenRepository.setCreateTableOnStartup(true);  //自己创建表可以省略 系统在启动的时候生成“记住我”的数据表（只能使用一次） persistent_logins
        return tokenRepository;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        //防止iframe
        http.headers().frameOptions().sameOrigin();

        //配置没有权限访问跳转自定义页面
        http.exceptionHandling().accessDeniedPage("/to403");

        http.authorizeRequests()
                .antMatchers("/Layuimini/**","/LightYear/**","/registPage","/user/login","/superLoginUser/**") //表示配置请求路径
                .permitAll() // 指定 URL 无需保护。
                .antMatchers("/verify-code").permitAll()    //验证码权限访问
                .anyRequest() // 其他请求
                .authenticated(); //需要认证

        // 配置认证
        http.formLogin()
                .loginPage("/loginPage") // 配置哪个 url 为登录页面
                .loginProcessingUrl("/user/login") // 设置哪个是登录的 url。
                .defaultSuccessUrl("/index")
                .permitAll();//登录成功之后，跳转路径

        //退出
        http.logout().logoutUrl("/logout").
                logoutSuccessUrl("/loginPage").permitAll();

        // 关闭 csrf
        http.csrf().disable();

        // 开启记住我功能
        http.rememberMe()
                .tokenRepository(persistentTokenRepository())
                //记住我功能5天
                .tokenValiditySeconds(60*60*24*5)   //单位为秒
                .userDetailsService(loginUserDetailsService);
    }
}
